Newsletter writer covering Evolve Bank's data breach says the bank sent him a cease and desist letter

Mary Ann Azevedo and Lorenzo Franceschi-Bicchierai
·3 min read

The situation around a data breach that’s affected an ever-growing number of fintech companies has gotten even weirder. Evolve Bank & Trust announced last week that it was hacked and confirmed the stolen data has been posted to the dark web. Now Evolve has sent a cease and desist letter to the writer of a newsletter who has been covering the ongoing situation.

Jason Mikula, author of respected industry publication Fintech Business Weekly, told TechCrunch that he received a cease and desist letter from the bank telling him not to share files from the dark web with any allegedly impacted fintech companies.

Mikula told TechCrunch that he wasn’t actually doing such sharing but he was offering to do so and did see some of the files. Looking at hacked information is a common practice among journalists when reporting on security breaches as a way to confirm that a breach happened and what was taken.

In this case, Mikula said he’s connected with four people who have access to some of the files that were stolen in the breach and posted on the dark web and has reviewed some of the data himself.

The crux of the problem is that not all the impacted fintechs have received details about what information was stolen in the breach, according to Mikula’s industry sources.

“As I understand it, some fintechs hadn’t gotten ‘confirmation’ from Evolve about what had been breached and thus hadn’t acted to mitigate risk or inform users,” Mikula told TechCrunch.

Mikula believes that “seeing the files would let them (1) confirm the breach had happened and examples of what data fields were included and (2) allow them to identify specific customers that had been impacted,” he said.

Mikula was posting information on the fintechs confirmed to be involved on X and reporting on it in his newsletter. So much so that X users like Parrot Capital have heaped praise upon him. “Jason has been providing better customer service for those affected by the Evolve Bank breach than anyone else,” Parrot posted on X.

Mikula said yesterday he “woke up to the C&D.” He added that he was reporting on the situation responsibly and would continue to do so. TechCrunch has reached out to Evolve for comment.

Meanwhile, while Evolve was sending letters from lawyers to Mikula, on July 1, a group of senators publicly urged those involved with a fintech in trouble, Synapse, to act. They want Synapse’s owners, its fintech and bank partners -- including Evolve -- to “immediately restore customers’ access to their money.” Synapse was pressured to file for Chapter 7 bankruptcy in May, liquidating its business entirely. Customers have been frozen out ever since.

The senators implicated both the partners and investors of the company as being responsible for any missing customer funds. The senators’ letter alleges that $65 million to $95 million worth of funds are missing, but Synapse and all other players, including Evolve, assert that if this is true, they are not the ones responsible. They are all pointing fingers at others.

The letter was addressed to W. Scott Stafford, president and CEO of Evolve Bank & Trust, but was also sent to major investors in bankrupt banking-as-a-service startup Synapse, as well as to the company’s principal bank and fintech partners.

Want more fintech news in your inbox? Sign up for TechCrunch Fintech here.

Want to reach out with a tip? Email me at maryann@techcrunch.com or send me a message on Signal at 408.204.3036. You can also send a note to the whole TechCrunch crew at tips@techcrunch.com. For more secure communications, click here to contact us, which includes SecureDrop (instructions here) and links to encrypted messaging apps.